To Combat Firesheep, Microsoft’s Bing Looking Into SSL

Microsoft’s Bing is looking into SSL and other privacy
settings for the next version of their search engine. Currently the site strips
SSL when forced into HTTPS and in turn, brings up an advisory on browsers signaling
an unsafe connection.

Introduced at Toorcon, the Firefox extension allows
attackers to capture site cookies from users on unsecured wireless networks and
browse under their logon.

Microsoft’s Bing is looking into SSL and other privacy
settings for the next version of their search engine. Currently the site strips
SSL when forced into HTTPS and in turn, brings up an advisory on browsers signaling
an unsafe connection.

Introduced at Toorcon, the Firefox extension allows
attackers to capture site cookies from users on unsecured wireless networks and
browse under their logon.

With the advent of Firesheep and subsequently, its surge of recently
converted hackers, HTTP session hijacking is becoming more and more of a
concern. Sites like Bing will have to adopt suitable security techniques to
contend with the extensions’ further proliferation.  

Firefox 4, scheduled for release by the end of the year will
help. As
reported in August
, the browser will receive HTTP Strict Transport
Security, ensuring the browser always requests a safe HTTPS session from sites.
However If sites like Bing don’t implement SSL into sites, the lack of full-end
encryption will still be a problem and HTTPS won’t even be an option.

Network
World has more on this story.


Suggested articles

Google Analytics Emerges as a Phishing Tool

Web analytics help phishers hone their attacks — but website defenders can also use these tactics to better detect the scope of attacks and mitigate their effects.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.